've noted that many web-based services are claiming to increase their security.

Generally speaking for the user this appears as a longer password with some form of complexity (numbers, uppercase, specials).

I just want to raise 3 points here :

- use of uppercase/lowercase is a killer for aged people that typically type in whatever case is active. So asking them to SHIFT-key is quite blind-sided.

- the idea that more complex is better is a red-herring. Go to any office space and look for post-its, anything long and crazy-looking ... is a password. So we are moving responsibility from web service to individual, but we are not giving the individual the means to keep it secure.

- security 101. think of those web sites that insist on registration. Here I typically register with a password like qwerty12345 and rely on the forgotten password button. You'd be surprised how many sites (some actually claiming to provide secure cloud disk storage) will send me my password in clear by email (rather than the better password-reset link).

All this to say that this is not security.

I can understand security but it should bridge what technology can do with what users are willing to bear (and understand). But systematically pushing the onus on users is equivalent to leaving an open door.

Claw

Member

Forum Posts: 86

Member Since: July 11, 2012

Offline

2

March 23, 2013 - 10:32 pm

Hey Thinowns, I've used that "forgot password" button often. Why don't you try passwords of your favorite things, like, for example,, Fishing-1 or Cycling-2. You know know, just something simple to you but unknown to strangers on the net. Just a suggestion buddy. Take care.

Alan Wade

Sweden

Member

Forum Posts: 43

Member Since: January 18, 2013

Offline

3

March 24, 2013 - 5:16 am

Install LastPass that way you only need to remember the password to your vault. It also generates passwords so you dont even have to do that and you can set it to auto-fill/login to any site you wish.